动态运行ClamAV的文件上传与PHP的clamscan [英] Dynamically running ClamAV's clamscan on file uploads with PHP

问题描述

Stack，

我想用clam反病毒的clamscan工具扫描每个通过php上传脚本上传的文件。我想我已经写了一个很好的脚本，但我想跑过你们。

因此，假设我发送到这个php上传脚本的文件是命名为 UploadedFile的 执行以下操作的代码有意义

 <？PHP 
 
 $ safe_path = escapeshellarg（'/ tmp /'。$ _FILES ['uploadedfile'] ['tmp_name']）; 
 $命令='clamscan'。 $ safe_path; 
 $ out =''; 
 $ int = -1; 
 exec（$ command，$ out，$ int）; 
 
 if（$ int == 0）{
 //所有的代码都在这里上传文件，正常的IE移动到
永久目录等等。 
} else {
 unlink（'/ tmp /'。$ _FILES ['uploadedfile'] ['tmp_name']）; 
 header（位置：http://www.domain.com/uploadform.php?error=your-file-was-infected-pal）; 
} 
 
？> 
  

此外，将clamscan发现PHP壳，以及传统的好老恶意软件？

谢谢！

更新 - 找到答案

我回答了我自己的问题问题，但没有正式这样做的声誉。这里是安塞尔：

对于那些后来的人来说。我已经使用EICAR测试病毒文件测试了这个脚本： http://eicar.org/86-0-Intended- use.html 和一些调整后，它的作品。返回变量$ int告诉你文件是否安全。如果$ int为0，则没有发现病毒，如果$ int是1，则发现病毒。然而，有一些变化，我必须使脚本工作（我更新$ safe_path变量是正确的），这里是工作脚本：

 <？php 
 
 $ safe_path = escapeshellarg（$ _ FILES ['uploadedfile'] ['tmp_name']）; 
 $命令='clamscan'。 $ safe_path; 
 $ out =''; 
 $ int = -1; 
 exec（$ command，$ out，$ int）; 
 
 if（$ int == 0）{
 //所有的代码都在这里上传文件，正常的IE移动到
永久目录等等。 
} else {
 //无论您在发现病毒时需要做什么。 
} 
 
？> 
  

解决方案

请注意，如果你的服务器运行一个ClamAV的守护进程（clamd的）有可能使用clam扫描，而不是clamscan，因为使用已经加载的病毒签名，这个用法更快。

Stack,

I want to scan each file that gets uploaded via my php upload script with clam anti-virus's clamscan tool. I think I've got a good script written but I wanted to run it past you guys.

So assuming that the file I'm sending to this php upload script is named "uploadedfile" does the following code make sense?

<?php

$safe_path = escapeshellarg('/tmp/' . $_FILES['uploadedfile']['tmp_name']);
$command = 'clamscan ' . $safe_path;
$out = '';
$int = -1;
exec($command, $out, $int);

if ($int == 0) {
   // all good, code goes here uploads file as normal IE move to
permanent directory etc;
} else {
   unlink('/tmp/' . $_FILES['uploadedfile']['tmp_name']);
header(Location: http://www.domain.com/uploadform.php?error=your-file-was-infected-pal);
}

?>

Also, will clamscan find php shells as well as traditional good old malware?

Thanks!

Update - found the answer

I answered my own question but don't have the reputation to officially do so. Here is the anser:

For those who come after. I've tested this script using the EICAR test virus file http://eicar.org/86-0-Intended-use.html and after a few tweaks it works. The return variable $int is what tells you whether or not the file is safe or not. If $int is 0, no virus was found, if $int is 1, a virus was found. However, there are some changes that I had to make the script work (I updated the $safe_path variable to be correct), here is the working script:

<?php

$safe_path = escapeshellarg($_FILES['uploadedfile']['tmp_name']);
$command = 'clamscan ' . $safe_path;
$out = '';
$int = -1;
exec($command, $out, $int);

if ($int == 0) {
   // all good, code goes here uploads file as normal IE move to
permanent directory etc;
} else {
  //whatever you need to do if a virus is found.
}

?>

解决方案

Note that if your server runs a clamav daemon (clamd) it may be possible to use clamdscan instead of clamscan as proposed, this usage is faster since use virus signatures already loaded by clamd.

这篇关于动态运行ClamAV的文件上传与PHP的clamscan的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！